Self signed certificate on CCR nodes?
I noticed our active node in our CCR cluster has an expired self signed certificate. This wasn't noticable until errors in Microsoft Entourage started coming up saying the certificate on the node was invalid or expired. Sure enough it is expired.
I am puzzled because I thought certs were only used on HUBs, Edge and CAS. If I run new-exchangecertificate in powershell, I get a warning about it needs to run on a hub, edge, etc.
I have a few questions. Can I just delete the certificate? Since this is a mailbox server (active node in ccr cluster) there shouldn't be a certificate on it? Thanks
March 23rd, 2011 12:24am
“A self-signed certificate is installed on every Exchange 2007 server role except for the Mailbox server role”
---------Refer to <Understanding
the Self-Signed Certificate in Exchange 2007>
Yes. According to the article above, self-signed certificate shouldn’t appear on MBX serverPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
March 26th, 2011 11:30am
Thanks James. I did read the article prior to posting, so that is one of the reasons for my querstion. Not only am I wondering why there is a certificate on the mbox server, but why is even Entourage is looking at it.
March 28th, 2011 7:33am
And I can’t find any certificate on my CCR nodes via MMC as well
Please provide the exact error information on the entourage
Please check if there’s any related event in the application log on the nodes
Please increase the diagnostic logging level for the “MSExchangeIS” component in the CCR node, reproduce the issue, and check the event
log again for further error events
Diagnostic Logging of Exchange Processes
Please run ExBPA against the CMS for health checkPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
March 28th, 2011 9:11am
Any update about it?Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
March 29th, 2011 6:37am